CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-53069
High

A null-pointer dereference vulnerability was found in the Linux kernel's xdp_master_redirect() function when redirecting XDP traffic to a master interface (bond) that has not been brought up. The issue occurs when a bond interface in round-robin mode lacks the rr_tx_counter because it never went through bond_open().

CVE-2026-53068
High

In the Linux kernel, a vulnerability was found in the komeda DRM driver where the AFBC framebuffer size validation did not check for integer overflow. Adding the AFBC payload size to the framebuffer offset could overflow, allowing the size check to pass incorrectly and accept an undersized GEM object. This could lead to out-of-bounds memory access.

CVE-2026-53062
High

In the Linux kernel, the dm-cache policy SMQ lacks proper locking when invalidating cache blocks in passthrough mode. The invalidate_mapping operation is called concurrently from multiple workers without protection, leading to data races on the allocated blocks counter and potential use-after-free issues in internal data structures.

CVE-2026-53057
High

In the Linux kernel, the RISC-V IOMMU subsystem lacked required TLB and context cache invalidations after updating DDT/PDT entries. The riscv_iommu_iodir_iotinval() function was added to comply with the RISC-V IOMMU specification.

CVE-2026-53054
High

In the Linux kernel, a locking bug was found in the drm/msm driver's VM_BIND UNMAP operation. An incorrect argument caused objects involved in UNMAP operations not to be consistently locked, potentially leading to synchronization issues.

CVE-2026-53053
High

In the Linux kernel, a vulnerability was found in the AMD IOMMU subsystem's clone_alias() function. It incorrectly assumed the first argument (pdev) always points to the original device, while it could be an alias device. This caused the wrong devid to be used when copying DTE entries, leading to incorrect or stale entries being propagated to the alias device.

CVE-2026-53050
High

A race condition in the Linux kernel's dquot_scan_active() function during quota deactivation can lead to use-after-free, potentially causing system instability.

CVE-2026-53044
High

In the Linux kernel, a vulnerability was found in the Tegra CBB SoC subsystem due to incorrect use of the ARRAY_SIZE macro in fabric lookup tables. This flaw can cause out-of-bounds memory access during target timeout lookup.

CVE-2026-53041
High

In the Linux kernel, a bug was found in the OCFS2 filesystem's listxattr() function. When an inode has both inline and block-based extended attributes and the inline names exactly fill the caller's buffer, the function may return a size larger than the buffer, causing a kernel panic (BUG).

CVE-2026-53040
High

In the Linux kernel, a vulnerability in the OCFS2 filesystem lacks validation of the bg_bits field during freefrag scan in the non-coherent path. A crafted filesystem can cause an out-of-bounds memory read (use-after-free) when the OCFS2_IOC_INFO ioctl is called with the OCFS2_INFO_FL_NON_COHERENT flag.

CVE-2026-53036
High

In the Linux kernel, the BPF JIT for ARM64 has an off-by-one error in the check_imm macro that validates branch displacement fits into a signed N-bit immediate field. The error allows values one bit wider than intended, potentially causing incorrect instruction encoding and reversing branch direction.

CVE-2026-53033
High

A vulnerability was found in the Linux kernel's BPF sockmap mechanism for AF_UNIX sockets. During a sockmap update by a BPF iterator program, a race condition causes the `peer` pointer to become stale in `unix_stream_bpf_update_proto()`, leading to a use-after-free. The fix adds a state lock during iteration.

CVE-2026-53031
High

A vulnerability was found in the Linux kernel in the arena_alloc_pages() function of the BPF subsystem. The function accepts a node_id as a plain int and forwards it without any bounds checking. Lack of validation may lead to incorrect memory allocation behavior.

CVE-2026-53026
High

In the Linux kernel's NFSD subsystem, a bug in nfsd4_add_rdaccess_to_wrdeleg causes an unnecessary increment of the nfs4_file access count. When another thread has already set read access, calling __nfs4_file_get_access again leads to an extra count, preventing the nfsd_file object from being freed. This triggers a BUG when stopping the NFS service.

CVE-2026-53025
High

A use-after-free vulnerability was found in the Linux kernel's greybus raw driver. When a raw bundle is disconnected but its character device (cdev) is still open by an application, releasing the cdev accesses freed memory, potentially causing a system crash.

CVE-2026-53024
High

A use-after-free vulnerability was found in the Greybus RAW driver of the Linux kernel. If a user writes to the character device after disconnect has been called, a NULL pointer dereference occurs causing a kernel panic. The issue is due to missing synchronization between write operations and connection destruction.

CVE-2026-53020
High

A potential race condition was found in the Linux kernel during TLB synchronization. The issue arises from missing proper locking when traversing and modifying page tables. To simplify the fix, split page table locking has been disabled.

CVE-2026-53016
High

In the Linux kernel, a vulnerability was found in the CCP (crypto: ccp) driver. The ccp_aes_complete() function restored 16 bytes (AES_BLOCK_SIZE) into the IV buffer, while the RFC3686 algorithm uses an 8-byte IV, causing a buffer overrun.

CVE-2026-53011
High

A use-after-free vulnerability was found in the Linux kernel's taprio network scheduler. The bug occurs in advance_sched() during schedule switching, where the 'next' pointer still references the old schedule after it has been freed via call_rcu().

CVE-2026-53009
High

In the Linux kernel, the ice driver has a double-free vulnerability of the skb buffer when ice_tso() or ice_tx_csum() fail. The pointer to skb remains in tx_buf, causing a second free when the interface is brought down.

PreviousPage 49 of 3321Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS